Apple Apologizes About FaceTime Bug, Software Update With Fix Delayed Until Next Week
Apple issued the following statement to MacRumors today in which it apologized for a major FaceTime eavesdropping bug:
We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week. We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone's patience as we complete this process.
We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us.
Widely publicized on Monday, the FaceTime bug allowed one person to call another person via FaceTime, slide up on the interface and enter their own phone number, and automatically gain access to audio from the other person's device without that person accepting the call. In some cases, even video was accessible.
We demonstrated the bug in a video earlier this week:
Apple disabled Group FaceTime as a temporary server-side solution, preventing the bug from working any longer. Apple is also working on a software update with a permanent fix that it originally said would be available this week, but it has been delayed until next week, according to Apple's statement.
Apple thanked the Thompson family for reporting the bug—supposedly over a week before it made headlines—and said it is committed to improving the process by which it receives and escalate these reports in order to quash bugs faster.
Apple already faces a lawsuit in Texas and a proposed class action lawsuit in Canada over the bug. Given the serious privacy implications involved, it is certainly possible there will be more class action lawsuits to come.